92 matches found
[oCERT-2008-015] glib and glib-predecessor heap overflows
2008-015 glib and glib-predecessors heap overflows Description: Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predat...
[oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding
2009-002 OpenCORE insufficient bounds checking during MP3 decoding Description: OpenCORE, an open source multimedia decoding subsystem, suffers from an integer underflow during Huffman decoding resulting in improper bounds checking when writing to a heap allocated buffer. Decoding a specially...
Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : openssl (SSA:2009-014-01)
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue when connecting to an SSL/TLS server that uses a certificate containing a DSA or ECDSA key. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...
FreeBSD : mplayer -- multiple integer overflows (724e6f93-8f2a-11dd-821f-001cc0377035)
The oCERT team reports : The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific vide...
Fedora 9 : poppler-0.8.1-2.fc9 (2008-7012)
Security fix: Add upstream patch for CVE-2008-2950 / oCERT-2008-007 - use of an uninitialized pointer to call free in Page::Page 454277 http://www.ocert.org/advisories/ocert-2008-007.html Bug fixes: Fix crash when reading QuadPoints 448516 Use static FTLibrary in CairoOutputDev, as dynamic may...
Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)
This release fixes multiple bugs and security issues: - DoS via corrupted Ogg files CVE-2008-3231 - multiple possible buffer overflows detailed in oCERT-2008-008 For more details, see: http://sourceforge.net/project/shownotes.php?releaseid=619869&groupi d=9655...
[oCERT-2008-014] WordNet stack and heap overflows
2008/08/25 2008-014 WordNet stack and heap overflows Description: The WordNet 3.0 Unix library and command-line interface suffer from a number of stack overflows due to their handling of command line arguments, environment variables and data read from user supplied dictionaries. The oCERT team wa...
Fedora 8 : poppler-0.6.2-2.fc8 (2008-7104)
Security fix: Add upstream patch for CVE-2008-2950 / oCERT-2008-007 - use of an uninitialized pointer to call free in Page::Page 454277 http://www.ocert.org/advisories/ocert-2008-007.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
[oCERT-2008-009] libxslt heap overflow
2008/07/31 2008-009 libxslt heap overflow Description: The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions. An arbitrary length string, passed as a...
[Full-disclosure] #2008-007 libpoppler uninitialized pointer - POC
hi. I was in doubt about releasing this because of there is no official patch. I suppose at this point anyone could accomplish the same thing so, again I'm in doubt. A friend once told me that if in doubt take your pants off. I've already tried that and I didn't earn no resolution to my conflict...
[oCERT-2008-007] libpoppler uninitialized pointer
2008/07/07 2008-007 libpoppler uninitialized pointer Description: The poppler PDF rendering library suffers a memory management bug which leads to arbitrary code execution. The vulnerability is present in the Page class constructor/destructor. The pageWidgets object is not initialized in the Page...
[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing
2008/06/09 2008-006 multiple SNMP implementations HMAC authentication spoofing Description: Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. The authentication code reads the length to be checked from sender input, this...